Channels

Services

TYPO3 updates plug multiple security holes

The TYPO3 developers have announced that they have found and closed a number of holes in their open source content management system (CMS). These security vulnerabilities, many rated as "High" severity, include cross-site scripting (XSS), information disclosure, unserialize() and authentication delay bypass holes.

These bugs could be exploited by an attacker to, for example, bypass security restrictions, insert scripts, access system information, delete files or conduct XSS attacks. Versions up to and including 4.3.11, 4.4.8 and 4.5.3 of TYPO3 are affected.

Versions 4.3.12, 4.4.9 and 4.5.4 of TYPO3 have been released to address these issues and are available to download from the TYPO3 web site. Administrators are advised to install the updates as soon as possible.